<?php
// Start (or resume) the session before any HTML is sent; the login handler
// further down stores the authenticated admin's data in $_SESSION.
session_start();
// conn.php is not shown on this page. Presumably it opens the MySQL connection
// used by mysql_query() and defines make_safe(), both of which the login
// handler relies on — confirm before changing either.
include "conn.php"; 
?>





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>飛羽主題攝影</title>
<link href="../css/main_admin.css" rel="stylesheet" type="text/css" />
</head>
<body >









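<?php
/*
 * Admin login handler. Runs when the form on this page posts a non-empty
 * "username"; on success it copies the matching "guanli" row into the session
 * and redirects to category.php, otherwise it reports a generic failure.
 *
 * Changes from the previous version:
 *  - A request without "username"/"password" (or with array values) no longer
 *    raises undefined-index notices or reaches make_safe() with a non-string.
 *  - Input containing a rejected character is no longer looked up. Before,
 *    the alert was printed but the query still ran, so the check was only
 *    advisory and a login could still succeed.
 *  - A failed query is treated as a failed login instead of being passed to
 *    mysql_fetch_array().
 *
 * NOTE(review), not fixable inside this block:
 *  - The SQL is built by string interpolation. The only protections visible
 *    here are make_safe() (defined outside this file, behaviour unverified)
 *    and the character check below. The mysql_* extension has no prepared
 *    statements and was removed in PHP 7; move to PDO or mysqli with bound
 *    parameters.
 *  - The submitted password is compared directly against the "password"
 *    column, which suggests it is stored unhashed unless make_safe() hashes
 *    it — confirm. Prefer password_hash()/password_verify().
 *  - The session ID is not regenerated on login. session_regenerate_id(true)
 *    must run before output starts, and this block runs after the page's HTML
 *    head has been sent (unless output buffering is enabled); move the handler
 *    above the DOCTYPE to add it.
 *  - No CAPTCHA, attempt limit or lockout is enforced in this handler.
 */
$postedUser = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$postedPass = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

if($postedUser!=""){

$username=trim(make_safe($postedUser));
$password=trim(make_safe($postedPass));

// Becomes false as soon as either field contains one of: % & < > |
$inputOk=true;

if(strpbrk($username,"%&<>|")!==false){
       echo "<script>alert('您的 管理帳號 中含有非法字符，請重新輸入！');window.history.back();</script>";
       $inputOk=false;
}

if(strpbrk($password,"%&<>|")!==false){
       echo "<script>alert('您的 管理密碼 中含有非法字符，請重新輸入！');window.history.back();</script>";
       $inputOk=false;
}

if($inputOk){

// See the NOTE(review) above: this statement depends entirely on make_safe().
$sql=mysql_query("select * from guanli where  username='$username'  and password='$password'");
// mysql_query() returns false on error; report that as an ordinary failed
// login so that no database detail reaches the client.
$info=$sql ? mysql_fetch_array($sql) : false;
if($info){
 // Identity of the authenticated admin.
 $_SESSION["username2"]=$info["username"];
 $_SESSION["id2"]=$info["id"];
 // box1..box9 columns are copied as-is; presumably per-module permission
 // flags read by the other admin pages — confirm.
 $_SESSION["box11"]=$info["box1"];
 $_SESSION["box22"]=$info["box2"];
 $_SESSION["box33"]=$info["box3"];
 $_SESSION["box44"]=$info["box4"];
 $_SESSION["box55"]=$info["box5"];
 $_SESSION["box66"]=$info["box6"];
 $_SESSION["box77"]=$info["box7"];
 $_SESSION["box88"]=$info["box8"];
 $_SESSION["box99"]=$info["box9"];
?>

<script language="javascript">
alert("恭喜您，登入成功！");window.location.href="category.php?nid=1";
</script>

<?php
}
else
{
 // Only username2 is cleared on failure, as before; id2 and the box* values
 // from an earlier login stay in the session.
 $_SESSION["username2"]="";
?>
<script language="javascript">
alert("對不起，您輸入的用戶名稱或密碼錯誤！");window.location.href="index.php";
</script>
<?php
}
}
}
?>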


<script language=javascript>

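/**
 * Pre-submit check for the "Login" form: both credential fields must be
 * filled in, and, if the form has verification-code inputs, the entered
 * code must match.
 *
 * Returns false to cancel the submit, true to let it proceed.
 *
 * This is a convenience check only. It runs in the browser and can be
 * skipped entirely, and comparing "yanzheng" with a second form field
 * ("yanzheng2") means the expected code is present in the page itself.
 * Any verification code that is meant to limit automated login attempts
 * has to be generated and checked on the server.
 */
function CheckForm()
{
	var form = document.Login;

	if(form.username.value=="")
	{
		alert("請輸入用戶名！");
		form.username.focus();
		return false;
	}
	if(form.password.value == "")
	{
		alert("請輸入密碼！");
		form.password.focus();
		return false;
	}

	// The form on this page has no "yanzheng"/"yanzheng2" inputs. Reading
	// .value from them unconditionally threw a TypeError once both credential
	// fields were filled in, so the handler aborted and the form was submitted
	// by accident rather than by design. Only compare when both inputs exist.
	var entered = form.yanzheng;
	var expected = form.yanzheng2;
	if (entered && expected) {
		if (entered.value==""){
			alert ("請輸入您的驗證碼！");
			entered.focus();
			return(false);
		}
		if (entered.value!=expected.value){
			alert ("請輸入正確的驗證碼！");
			entered.focus();
			return(false);
		}
	}

	return true;
}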



//-->
</script>





<form name="Login" action="index.php" method="post">
<div id="main">
      <div id="top-1"><a href="index.php"><img src="../images/logo-admin.jpg" alt="飛羽主題攝影" width="144" height="152" border="0" /></a></div>
      <div id="top-2">
        <table border="0" cellspacing="0" cellpadding="0"  id="login-tit">
          <tr>
            <td>後台管理登入頁面 </td>
          </tr>
        </table>
      </div>
      <div id="top-3">
        <div id="m-login"><div id="login_tab">
          <table border="0" cellpadding="0" cellspacing="0" class="login-1">
            <tr>
              <td class="login-1-1">帳號</td>
              <td valign="top" class="login-1-2"><label>
                <input name="username" type="text" class="login-1-3" id="textfield5" />
              </label></td>
            </tr>
          </table>
          <table border="0" cellpadding="0" cellspacing="0" class="login-1">
            <tr>
              <td class="login-1-1">密碼</td>
              <td valign="top" class="login-1-2"><label>
                <input name="password" type="password" class="login-1-3" id="textfield3" />
              </label></td>
            </tr>
          </table>
          <table border="0" cellpadding="0" cellspacing="0" class="login-1">
            <tr>
              <td >&nbsp;</td>
              <td valign="top" class="login-1-2"><input onClick="return CheckForm(form);" name="button" type="submit" class="login-btn"  id="button" value="登入" /></td>
            </tr>
          </table>
        </div>
        </div>
        
      </div>
    </div>

</form>
</body>
</html>